====== Configure Firewall Settings Using Firewall-config Firewall-cmd Or Iptables ======
**General Information**
Firewalld is a new zone-based firewall in RHEL 7. It replaces the iptables service as the default.
----
===== Firewall Stack =====
  * firewall-config => GUI frontend for firewalld
  * firewall-cmd => Command-line frontend for firewalld
  * firewalld => Daemon that interacts with the Linux kernel's packet filter, Netfilter
    * cannot be used at the same time as iptables
  * iptables => Interacts with the Linux kernel's packet filter, Netfilter
    * cannot be used at the same time as firewalld
----
===== Firewalld (firewall-cmd, firewall-config) =====
Install and start the firewall packages (included by default on a base install, not on a minimal install)
  yum install firewalld firewall-config
  systemctl start firewalld
  systemctl enable firewalld
\\
View zone names
  firewall-cmd --get-zones
\\
View default zone
  firewall-cmd --get-default-zone
  * Zone "public" applies to all interfaces (the catch-all)
\\
View current rules (default zone)
  firewall-cmd --list-all
\\
View rules, specify zone
  firewall-cmd --zone=home --list-all
\\
View rules for all zones
  firewall-cmd --list-all-zones
\\
Add source IP network for home zone (runtime change)
  firewall-cmd --zone=home --add-source=192.168.1.0/24
  * Runtime (non-persistent) changes take effect instantly, but don't survive a reload or reboot
\\
Permanent change (survives firewall reload or system reboot)
  firewall-cmd --zone=home --permanent --add-source=192.168.1.0/24
  firewall-cmd --reload
  * Permanent changes do not take effect until firewall-cmd --reload is run
\\
Allow HTTP on default zone (instant change and also permanent)
  firewall-cmd --add-port=80/tcp
  firewall-cmd --permanent --add-port=80/tcp
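\\
Because runtime and permanent changes are made separately, the two configurations can drift apart. The script below is an added example (not part of the original page) that lists settings present in only one of them; the function names only_in, drift and audit_zone are hypothetical, and the sample values at the end are constructed.

```bash
#!/usr/bin/env bash
# Added example: find settings that differ between firewalld's runtime and
# permanent configuration. Function names are hypothetical.

# only_in A B: print the whitespace-separated items of A that are not in B.
only_in() {
    local item out b
    out=""
    b=$(printf '%s' "$2" | tr -s '[:space:]' ' ')
    for item in $1; do
        case " $b " in
            *" $item "*) ;;                      # whole-item match only
            *) out="${out:+$out }$item" ;;
        esac
    done
    printf '%s' "$out"
}

# drift KIND RUNTIME PERMANENT: print one line per setting that differs.
drift() {
    local kind item
    kind=$1
    # Active now, but dropped by the next --reload or reboot.
    for item in $(only_in "$2" "$3"); do echo "$kind $item runtime-only"; done
    # Saved, but not enforced until firewall-cmd --reload.
    for item in $(only_in "$3" "$2"); do echo "$kind $item permanent-only"; done
}

# audit_zone ZONE: compare the live firewall (run as root, firewalld started).
audit_zone() {
    local kind
    for kind in ports sources services; do
        drift "$kind" "$(firewall-cmd --zone="$1" --list-"$kind")" \
                      "$(firewall-cmd --permanent --zone="$1" --list-"$kind")"
    done
}

# Constructed sample (not captured output): port 80 was opened without
# --permanent, and the home source was saved but never reloaded.
drift ports "80/tcp" ""
drift sources "" "192.168.1.0/24"
```

On a live system, call audit_zone with a zone name such as home; no output means the runtime and permanent configurations agree for that zone.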
\\
Launch GUI, firewall-config
  firewall-config
----
===== iptables =====
You can use iptables, but firewall-cmd is recommended. Using iptables requires disabling firewalld, installing iptables-services, and then enabling the iptables service.
----